[Bug 249522] Review Request: sepostgresql - Security-Enhanced PostgreSQL

bugzilla at redhat.com bugzilla at redhat.com
Fri Aug 3 17:36:11 UTC 2007



Summary: Review Request:  sepostgresql - Security-Enhanced PostgreSQL


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249522





------- Additional Comments From kaigai at kaigai.gr.jp  2007-08-03 13:36 EST -------
(In reply to comment #11)

Tasaka-san, Thanks for your comments.

SELinux is a feature implemented in the kernel. It hooks any system call to 
make a decision, based on the security policy, on whether it should be allowed 
or not. It enables control of access to resources managed by the kernel, like 
files, sockets and so on.
However, the kernel cannot identify user space objects like a window of X or a 
table of a database. It means bare SELinux cannot control access to user 
space objects.

* What is the difference between PostgreSQL with SELinux and SE-PostgreSQL
Both PostgreSQL and SE-PostgreSQL execute system calls to operate on something. 
SELinux hooks them as mentioned above. In addition, SE-PostgreSQL hooks any SQL 
query to make a decision, based on the policy, on whether it should be allowed 
or not. It means that the security policy enables control of access to 
userspace objects including tables, columns and so on. PostgreSQL does not have 
such a mechanism, so any operations are out of scope of the security policy.
It is the most fundamental difference.

* The reason why I submit a patch for selinux-policy
SELinux has a loadable policy package feature. It enables plugging/unplugging a 
set of security policy without modification of the policy source. But some kinds 
of policy are exceptions.
The definitions of object classes and access vectors are one such exception. 
They define permissions related to a specific object type.
Needless to say, object classes related to databases are a new concept for 
SELinux, so these permissions are currently undefined.
The patch I posted complements these missing definitions.
If these definitions are integrated into the base security policy, we can pack 
the rest of the policy within the RPM of SE-PostgreSQL. Thus, it is necessary 
for the patch to be merged.
